{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8501", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-09-05T20:15:43.015Z", "datePublished": "2025-03-20T10:08:44.723Z", "dateUpdated": "2025-03-20T14:46:18.305Z"}, "containers": {"cna": {"title": "Arbitrary File Download in modelscope/agentscope", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:08:44.723Z"}, "descriptions": [{"lang": "en", "value": "An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network."}], "affected": [{"vendor": "modelscope", "product": "modelscope/agentscope", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-36 Absolute Path Traversal", "cweId": "CWE-36"}]}], "source": {"advisory": "83e433c0-ed2d-4b10-8358-d3c1eee0a47c", "discovery": "EXTERNAL"}}, "adp": [{"references": [{"url": "https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T14:45:55.539596Z", "id": "CVE-2024-8501", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T14:46:18.305Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8501", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T14:45:55.539596Z"}}}], "references": [{"url": "https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T14:46:07.844Z"}}], "cna": {"title": "Arbitrary File Download in modelscope/agentscope", "source": {"advisory": "83e433c0-ed2d-4b10-8358-d3c1eee0a47c", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "modelscope", "product": "modelscope/agentscope", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c"}], "descriptions": [{"lang": "en", "value": "An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:08:44.723Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8501", "state": "PUBLISHED", "dateUpdated": "2025-03-20T14:46:18.305Z", "dateReserved": "2024-09-05T20:15:43.015Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:08:44.723Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:modelscope:agentscope:0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D90FB84B-BF69-41F6-875D-BFB3C19EB9CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network."}, {"lang": "es", "value": "Existe una vulnerabilidad de descarga de archivos arbitrarios en el componente rpc_agent_client de modelscope/agentscope versi\u00f3n v0.0.4. Esta vulnerabilidad permite a cualquier usuario descargar cualquier archivo del host de rpc_agent explotando el m\u00e9todo download_file. Esto puede provocar acceso no autorizado a informaci\u00f3n confidencial, como archivos de configuraci\u00f3n, credenciales y, posiblemente, archivos del sistema, lo que puede facilitar una mayor explotaci\u00f3n, como la escalada de privilegios o el movimiento lateral dentro de la red."}], "id": "CVE-2024-8501", "lastModified": "2025-04-01T20:31:58.713", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-20T10:15:42.610", "references": [{"source": "security@huntr.dev", "tags": ["Exploit"], "url": "https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-36"}], "source": "security@huntr.dev", "type": "Secondary"}]}

{}